| 摘要 |
A controller of a computer system is programmed with a method of protecting the system from the execution of malicious code. An index table is provided 210 which records the storage locations of the application program interfaces (API) used by the system. The method calls one of the APIs 220, and assesses 230 whether it meets a predetermined condition. If the condition is met, the system blocks 240 the API from executing its function. The condition may be whether the function of the API relates to a protected process or dynamic link library (DLL), or whether the API attempts to amend the registry of the operating system. The method allows detection of malicious program code before it carries out its function, and does not conflict with the operation of other processes in the system. A device which hooks APIs called by the system in order to make an assessment as to their validity is also disclosed. |
